Reporting security vulnerabilities

When reporting a security vulnerability please do not disclose the details publicly. This includes our
user mailing lists. Instead contact keycloak-security@lists.jboss.org or create a JIRA issue and mark it as security sensitive. The Keycloak team will acknowledge your e-mail, and you will receive a response indicating the next steps in handling your report.